﻿using Microsoft.AspNetCore.Authorization;

namespace YiShop.Framework.Authorization
{
    /// <summary>
    /// 自定义授权要求处理器
    /// </summary>
    public class PermissionRequirement : IAuthorizationRequirement
    {
        public string Permission { get; }

        public PermissionRequirement(string permission)
        {
            Permission = permission;
        }
    }

    public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
    {
        protected override Task HandleRequirementAsync(
            AuthorizationHandlerContext context,
            PermissionRequirement requirement)
        {
            // 检查用户是否拥有对应权限的 Claim
            if (context.User.HasClaim(c => c.Type == "permissions" && c.Value == requirement.Permission))
            {
                context.Succeed(requirement);
            }
            return Task.CompletedTask;
        }
    }
}